Deploying the Phone-home Client and Zero Touch Provisioning on vSRX Virtual Firewall
Factory Default Configuration on vSRX Virtual Firewall
Here's the factory default configuration for the phone-home client:
set system services web-management http interface fxp0.0
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system syslog file messages any any
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system phone-home server https://redirect.juniper.net
set system phone-home rfc-compliant
set interfaces fxp0 unit 0 family inet dhcp

You must make the changes described in ‘vSRX Virtual Firewall XML on KVM’ and ‘vSRX Virtual Firewall virtual machine edit settings in VMware’ before the first reboot. This ensures that the correct factory default configuration, including the phone-home client (PHC) commands, is loaded during the first boot.
Deploying ZTP on KVM
To deploy ZTP on a KVM, set the entry name='version' to phone-home-true in the VM deployment XML file.
For example:
<os>
  ….
  <smbios mode='sysinfo'/>
</os>
<sysinfo type='smbios'>
  <system>
    <entry name='version'>phonehome=true</entry>
  </system>
</sysinfo>
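Because both settings have to be in place before the first boot, it helps to check the domain XML (for example, the output of virsh dumpxml) before starting the VM. The following check is an added example, not Juniper code; the function name check_phone_home, the sample XML, and the assumption that the entry value must match the example above exactly are all constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Value copied from the example above; assumed to be the exact string required.
EXPECTED_VERSION = "phonehome=true"

# Constructed sample libvirt domain XML (not from a real deployment).
SAMPLE_OK = """
<domain type='kvm'>
  <name>vsrx-ztp</name>
  <os>
    <type arch='x86_64'>hvm</type>
    <smbios mode='sysinfo'/>
  </os>
  <sysinfo type='smbios'>
    <system>
      <entry name='version'>phonehome=true</entry>
    </system>
  </sysinfo>
</domain>
"""

def check_phone_home(domain_xml):
    """Return a list of problems; an empty list means both settings are present."""
    root = ET.fromstring(domain_xml)
    problems = []
    # 1. <os> must tell the hypervisor to expose the <sysinfo> block via SMBIOS.
    smbios = root.find("./os/smbios")
    if smbios is None or smbios.get("mode") != "sysinfo":
        problems.append("os/smbios mode is not 'sysinfo'")
    # 2. The <sysinfo type='smbios'> block must carry exactly one version entry.
    entries = root.findall("./sysinfo[@type='smbios']/system/entry[@name='version']")
    values = [(e.text or "").strip() for e in entries]
    if not values:
        problems.append("no sysinfo/system/entry name='version'")
    elif values != [EXPECTED_VERSION]:
        problems.append(f"version entry is {values!r}, expected {EXPECTED_VERSION!r}")
    return problems

if __name__ == "__main__":
    # Usage: python check.py domain.xml  (falls back to the constructed sample)
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OK
    issues = check_phone_home(xml_text)
    print("OK" if not issues else "\n".join(issues))
    sys.exit(1 if issues else 0)
```

The script exits non-zero when either setting is missing, so it can gate the first start of the VM in a deployment pipeline.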
Deploying ZTP on VMware
To deploy ZTP on VMware, enable the Open Virtualization Format (OVF) setting in the VMware GUI, and set phone-home to true.
- To enable OVF in the VMware GUI, go to Edit Virtual Machine Setting | vApp Options | OVF setting: OVF environment transparent | VMware Tools: enable.
- To enable the phone-home client in the VMware GUI, go to Edit Virtual Machine Setting | vApp Options | Properties | phone-home true.
Deploying ZTP on Amazon Web Services, Google Cloud Platform, and Oracle Cloud Infrastructure
To enable ZTP on Amazon Web Services, Google Cloud Platform, and Oracle Cloud Infrastructure, add the following phone-home client configuration in the CLOUD-INIT USER-DATA file:
system {
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    syslog {
        file messages {
            any any;
        }
    }
    services {
        ssh;
        web-management {
            http {
                interface fxp0.0;
            }
            https {
                system-generated-certificate;
                interface fxp0.0;
            }
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    phone-home {
        server https://redirect.juniper.net;
        rfc-compliant;
    }
}
interfaces {
    fxp0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
}
Deploying ZTP on Microsoft Azure
To enable ZTP on Microsoft Azure, add the following phone-home client configuration in the write_files section of the CLOUD_INIT_CONFIG.JSON file:
{
    "content": "configure\nset system name-server 8.8.8.8\nset system name-server 8.8.4.4\nset system phone-home server https://redirect.juniper.net\nset system phone-home rfc-compliant\nset interfaces fxp0 unit 0 family inet dhcp\ncommit\n",
    "path": "/var/tmp/test_config"
},